<?php

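// Password-change handler: verifies the logged-in user's current password and,
// if it matches, stores the new one. The outcome is reported to
// userprofile.php through the session flags "wrongpassword" and
// "pwchangesuccess".
session_start();

// validateuser.php presumably enforces that a user is logged in (not visible
// here -- confirm it stops the request when no session exists).
// dbConfig.php is expected to open the database link referred to as $ms below.
include 'validateuser.php';
include 'dbConfig.php';

// NOTE(review): passwords are stored as unsalted MD5, which is a fast digest
// and not a password hash. Moving to password_hash()/password_verify() has to
// be done together with the login code and the stored values, so the scheme is
// left unchanged in this file.
// NOTE(review): the mysql_* extension was removed in PHP 7; switching to
// mysqli/PDO prepared statements also requires changing dbConfig.php.

// Accept only plain string fields. A missing key or an array value
// (current_password[]=x) would otherwise reach md5() as a non-string.
$userId = isset($_SESSION["valid_id"]) ? (string) $_SESSION["valid_id"] : '';
$currentPassword = (isset($_POST["current_password"]) && is_string($_POST["current_password"]))
        ? $_POST["current_password"]
        : null;
$newPassword = (isset($_POST["new_password"]) && is_string($_POST["new_password"]))
        ? $_POST["new_password"]
        : null;
// NOTE(review): no length or strength policy is applied to the new password
// here (an empty string is accepted, as before) -- confirm it is enforced
// elsewhere.

$verified = false;
$changed = false;

if ($userId !== '' && $currentPassword !== null && $newPassword !== null) {
    // The session id is concatenated into SQL, so escape it even though it is
    // server-side state; its origin is not visible in this file.
    $safeId = mysql_real_escape_string($userId);

    // Look up the user by id and current password digest (md5() output is
    // hexadecimal only, so it needs no escaping).
    $q = "SELECT ID FROM users "
            . " WHERE ID='" . $safeId . "' "
            . " AND Password='" . md5($currentPassword) . "' ";
    $r = mysql_query($q);

    // mysql_query() returns false on failure; do not pass that to
    // mysql_fetch_object().
    if ($r !== false && mysql_fetch_object($r)) {
        $verified = true;

        // Store the new password digest and remember whether the UPDATE ran,
        // so success is not reported for a failed write.
        $q = "update users set Password='" . md5($newPassword) . "' where ID='" . $safeId . "'";
        $changed = (mysql_query($q) !== false);
    }
}

// Close mysql
mysql_close($ms);

if ($verified) {
    $_SESSION["wrongpassword"] = 0;
    // 0/1 mirrors how "wrongpassword" is used; a failed UPDATE must not leave
    // a success flag behind.
    $_SESSION["pwchangesuccess"] = $changed ? 1 : 0;
} else {
    // Current password did not match (or the request was malformed)
    $_SESSION["wrongpassword"] = 1;
}

// Redirect back to the profile page and stop, so nothing runs after the
// Location header is sent.
header("Location: userprofile.php");
exit;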
?>
